1) Swallowing the redirect and returning the object will create a behavioural exception for creation events (vs. other api calls)
2) You'd create a case where an object will have URL of https://
3) You'd lose any parameters on forward
4) If you implemented it by literally simulating the GET via web services, you'd lose the session - i.e. you'd get a 403 when accessing a protected object.